allow specifying cipher suites for the ui server via config (#2252)

Signed-off-by: Abhijeet V <[email protected]>
AthenZ · Jul 25, 2023 · 60c48df · 60c48df
1 parent 88c8987
commit 60c48df
Show file tree

Hide file tree

Showing 14 changed files with 55 additions and 22 deletions.
diff --git a/ui/app.js b/ui/app.js
@@ -16,6 +16,7 @@
 process.chdir(__dirname);
 const https = require('https');
 const express = require('express');
+const { constants } = require('crypto');
 const next = require('next');
 const appConfig = require('./src/config/config')();
 const secrets = require('./src/server/secrets');
@@ -78,6 +79,9 @@ Promise.all([nextApp.prepare(), secrets.load(appConfig)])
                 {
                     cert: secrets.serverCert,
                     key: secrets.serverKey,
+                    secureOptions:
+                        constants.SSL_OP_NO_TLSv1 | constants.SSL_OP_NO_TLSv1_1,
+                    ciphers: appConfig.serverCipherSuites,
                 },
                 expressApp
             );

diff --git a/ui/src/__tests__/components/header/RoleDetails.test.js b/ui/src/__tests__/components/header/RoleDetails.test.js
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 import React from 'react';
-import { renderWithRedux } from '../../../tests_utils/ComponentsTestUtils';;
+import { renderWithRedux } from '../../../tests_utils/ComponentsTestUtils';
 import CollectionDetails from '../../../components/header/CollectionDetails';
 
 describe('RoleDetails', () => {

diff --git a/ui/src/__tests__/components/policy/PolicyRow.test.js b/ui/src/__tests__/components/policy/PolicyRow.test.js
@@ -27,7 +27,12 @@ describe('PolicyRow', () => {
         const { getByTestId } = renderWithRedux(
             <table>
                 <tbody>
-                    <PolicyRow name={name} color={color} isActive={true} timeZone={timeZone} />
+                    <PolicyRow
+                        name={name}
+                        color={color}
+                        isActive={true}
+                        timeZone={timeZone}
+                    />
                 </tbody>
             </table>
         );

diff --git a/ui/src/__tests__/components/role/RoleMember.test.js b/ui/src/__tests__/components/role/RoleMember.test.js
@@ -22,7 +22,9 @@ describe('Member', () => {
     it('should render', () => {
         let member = { memberName: 'user.test2' };
 
-        const { getByTestId } = renderWithRedux(<Member item={member} idx={0} />);
+        const { getByTestId } = renderWithRedux(
+            <Member item={member} idx={0} />
+        );
         const roleMember = getByTestId('tag');
         expect(roleMember).toMatchSnapshot();
     });

diff --git a/ui/src/__tests__/components/service/InstanceTable.test.js b/ui/src/__tests__/components/service/InstanceTable.test.js
@@ -47,5 +47,5 @@ describe('InstanceTable', () => {
         const instanceTable = getByTestId('instancetable');
 
         expect(instanceTable).toMatchSnapshot();
-   });
+    });
 });
diff --git a/ui/src/__tests__/pages/workflow/domain.test.js b/ui/src/__tests__/pages/workflow/domain.test.js
@@ -125,9 +125,7 @@ describe('PendingApprovalPage', () => {
             getPendingDomainMembersList: jest
                 .fn()
                 .mockReturnValue(Promise.resolve(pendingData)),
-            getTimeZone: jest
-                .fn()
-                .mockReturnValue(Promise.resolve(timeZone)),
+            getTimeZone: jest.fn().mockReturnValue(Promise.resolve(timeZone)),
         };
         // const pendingUserData = buildUserForState(pendingData);
         // const domainData = buildDomainDataForState(pendingData, domain);

diff --git a/ui/src/components/domain/ManageDomains.js b/ui/src/components/domain/ManageDomains.js
@@ -28,7 +28,10 @@ import { deleteSubDomain } from '../../redux/thunks/domains';
 import { connect } from 'react-redux';
 import { withRouter } from 'next/router';
 import { selectBusinessServices } from '../../redux/selectors/domainData';
-import { selectBusinessServicesAll, selectTimeZone } from '../../redux/selectors/domains';
+import {
+    selectBusinessServicesAll,
+    selectTimeZone,
+} from '../../redux/selectors/domains';
 
 const ManageDomainSectionDiv = styled.div`
     margin: 20px;

diff --git a/ui/src/components/member/Member.js b/ui/src/components/member/Member.js
@@ -73,11 +73,19 @@ class Member extends React.Component {
     render() {
         let exp = this.props.item.expiration;
         if (exp) {
-            exp = this.localDate.getLocalDate(exp, this.props.timeZone, this.props.timeZone);
+            exp = this.localDate.getLocalDate(
+                exp,
+                this.props.timeZone,
+                this.props.timeZone
+            );
         }
         let review = this.props.item.reviewReminder;
         if (review) {
-            review = this.localDate.getLocalDate(review, this.props.timeZone, this.props.timeZone);
+            review = this.localDate.getLocalDate(
+                review,
+                this.props.timeZone,
+                this.props.timeZone
+            );
         }
 
         let fullName = '';

diff --git a/ui/src/components/member/MemberList.js b/ui/src/components/member/MemberList.js
@@ -189,7 +189,7 @@ const mapStateToProps = (state, props) => {
     return {
         ...props,
         isLoading: selectIsLoading(state),
-        timeZone: selectTimeZone(state)
+        timeZone: selectTimeZone(state),
     };
 };
 

diff --git a/ui/src/components/pending-approval/PendingApprovalTable.js b/ui/src/components/pending-approval/PendingApprovalTable.js
@@ -29,7 +29,10 @@ import {
 import produce from 'immer';
 import { processPendingMembers } from '../../redux/thunks/domains';
 import { connect } from 'react-redux';
-import { selectPendingMembersList, selectTimeZone } from '../../redux/selectors/domains';
+import {
+    selectPendingMembersList,
+    selectTimeZone,
+} from '../../redux/selectors/domains';
 import NameUtils from '../utils/NameUtils';
 
 const TableHeader = styled.th`

diff --git a/ui/src/components/review/ReviewRow.js b/ui/src/components/review/ReviewRow.js
@@ -86,17 +86,17 @@ export default class ReviewRow extends React.Component {
         let color = this.props.color;
         let exp = member.expiration
             ? this.localDate.getLocalDate(
-                member.expiration,
-                this.props.timeZone,
-                this.props.timeZone
-            )
+                  member.expiration,
+                  this.props.timeZone,
+                  this.props.timeZone
+              )
             : 'N/A';
         let reminder = member.reviewReminder
             ? this.localDate.getLocalDate(
-                member.reviewReminder,
-                this.props.timeZone,
-                this.props.timeZone
-            )
+                  member.reviewReminder,
+                  this.props.timeZone,
+                  this.props.timeZone
+              )
             : 'N/A';
 
         rows.push(

diff --git a/ui/src/components/role/RoleList.js b/ui/src/components/role/RoleList.js
@@ -30,7 +30,10 @@ import { selectRoles } from '../../redux/selectors/roles';
 import { selectDomainAuditEnabled } from '../../redux/selectors/domainData';
 import AddMemberToRoles from './AddMemberToRoles';
 import { selectIsLoading } from '../../redux/selectors/loading';
-import { selectHeaderDetails, selectTimeZone } from '../../redux/selectors/domains';
+import {
+    selectHeaderDetails,
+    selectTimeZone,
+} from '../../redux/selectors/domains';
 import { ReduxPageLoader } from '../denali/ReduxPageLoader';
 
 const RolesSectionDiv = styled.div`

diff --git a/ui/src/components/service/ServiceList.js b/ui/src/components/service/ServiceList.js
@@ -28,7 +28,10 @@ import { deleteService } from '../../redux/thunks/services';
 import { connect } from 'react-redux';
 import { selectServices } from '../../redux/selectors/services';
 import { selectIsLoading } from '../../redux/selectors/loading';
-import { selectTimeZone, selectFeatureFlag } from '../../redux/selectors/domains';
+import {
+    selectTimeZone,
+    selectFeatureFlag,
+} from '../../redux/selectors/domains';
 import { ReduxPageLoader } from '../denali/ReduxPageLoader';
 
 const ServicesSectionDiv = styled.div`

diff --git a/ui/src/config/default-config.js b/ui/src/config/default-config.js
@@ -147,6 +147,8 @@ const config = {
         msdAuthHeaderPath:
             '/var/lib/sia/tokens/msd-api-access/msd-api-access-token',
         numberOfRetry: 2,
+        serverCipherSuites:
+            'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256',
     },
     unittest: {
         zmsConnectSrcUrl: 'https://localhost:4443',
@@ -186,6 +188,8 @@ const config = {
         msdAuthHeaderPath:
             '/var/lib/sia/tokens/msd-api-access/msd-api-access-token',
         numberOfRetry: 2,
+        serverCipherSuites:
+            'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256',
     },
 };
-Original file line number
+Diff line change
@@ Expand Up / @@ -47,5 +47,5 @@ describe('InstanceTable', () => { @@
             const instanceTable = getByTestId('instancetable');
             expect(instanceTable).toMatchSnapshot();
-       });
+        });
     });